Search

Language:  

Available article translations:

FileVault2 Encryption fails on macOS High Sierra

APPLIES TO:
  • Parallels Mac Management

Symptoms

  • FileVault2 Encryption fails when domain mobile account is used.

  • Local administrator account is able to force the encryption just fine.

  • Issue is presented on machine running macOS High Sierra

  • pma_agent.log file on affected machine contains following entries:

    /FileVaultUtils:1001:1153/ Command is failed : /usr/bin/fdesetup [enable -inputplist -outputplist]
    /FileVaultUtils:1001:1153/ ExitCode : 38
    /FileVaultUtils:1001:1153/ ErrorCode : 5
    
  • Attempt to turn on FileVault2 encryption manually from System Preferences - Security & Privacy using domain mobile account will result in following error:

    Authentication server refused operation because the current credentials are not authorized for the requested operation.
    

Cause

Domain mobile account can no longer be used to force FileVault2 encryption on Macs running High Sierra. This limitation was implemented with one of recent macOS High Sierra updates. More information can be found in KB article from Apple Support

Resolution

There is no possibility to bypass this limitation when using Parallels Mac Management hence starting from macOS High Sierra only local administrator accounts should be used to enable FileVault2 encryption on the Mac running macOS High Sierra




1d79b51112684448ad06c14bdc779b0d

FEEDBACK
Was this article helpful?
Tell us how we may improve it.
Yes No